HWRF  trunk@4391
produtil.rstprod.RestrictionClass Class Reference

Detailed Description

This is a Python class intended to automate restricting data to a specific restriction class, using access control lists or group ownership.

Example:

from produtil.rstprod import RestrictionClass
rc = RestrictionClass("rstprod")
rc.restrict_file("/path/to/some/dangerous/file")

It can also set the Default Access Control List if supplied a directory:

rc.restrict_file("/path/to/some/dangerous/directory/")

Definition at line 61 of file rstprod.py.

Public Member Functions

def __init__
 Create a new RestrictionClass object for the specified group.
 
def groupname (self)
 The name of the group used for the restriction class.
 
def groupid (self)
 The numeric ID of the group used for the restriction class.
 
def use_acl (self)
 True if ACLs are used for access permission, False if setgid and chgrp are used.
 
def acl_for (self, st_mode)
 Returns a produtil.acl.ACL object for the specified access mode.
 
def restrict_file
 Adds the requested restrictions to the specified file or directory.
 
def restrict_fd
 

Protected Member Functions

def make_acl_dict (self)
 Internal function that generates the ACL dictionary.
 
def chgrp_restrict (self, target, st_mode, chown, chmod, logger)
 Internal function that uses chgrp to restrict a file's access.
 
def acl_restrict_file (self, target, st_mode, set_acl, logger)
 Internal function that restricts files using ACLs.
 

Constructor & Destructor Documentation

def produtil.rstprod.RestrictionClass.__init__(self, group, use_acl=None, logger=None)

Create a new RestrictionClass object for the specified group.

Parameters
group: The group may be the string group name, or the numeric group id.
use_acl: If use_acl is unspecified, then produtil.cluster.use_acl_for_rstdata() is used to decide.
logger: a logging.Logger for log messages

Definition at line 76 of file rstprod.py.

Member Function Documentation

def produtil.rstprod.RestrictionClass.acl_for(self, st_mode)

Returns a produtil.acl.ACL object for the specified access mode.

Will raise an exception if self.use_acl is False.

Parameters
st_mode: desired access mode

Definition at line 171 of file rstprod.py.

Referenced by produtil.rstprod.RestrictionClass.restrict_fd(), and produtil.rstprod.RestrictionClass.restrict_file().

def produtil.rstprod.RestrictionClass.acl_restrict_file(self, target, st_mode, set_acl, logger)
protected

Internal function that restricts files using ACLs.

This is an internal implementation function that should not be called directly. It handles the ACL case of restrict_file.

Parameters
target: the target file
st_mode: the desired access
set_acl: the acl-setting function
logger: a logging.Logger for log messages

Definition at line 206 of file rstprod.py.

Referenced by produtil.rstprod.RestrictionClass.restrict_file().

def produtil.rstprod.RestrictionClass.chgrp_restrict(self, target, st_mode, chown, chmod, logger)
protected

Internal function that uses chgrp to restrict a file's access.

This is an internal implementation function that should not be called directly. It handles the non-ACL (chgrp+setgid) case of restrict_file and restrict_gid.

Parameters
target: the target file
st_mode: the desired mode
chown: chowning function
chmod: chmodding function
logger: a logging.Logger for log messages

Definition at line 179 of file rstprod.py.

Referenced by produtil.rstprod.RestrictionClass.restrict_fd(), and produtil.rstprod.RestrictionClass.restrict_file().

def produtil.rstprod.RestrictionClass.make_acl_dict(self)
protected

Internal function that generates the ACL dictionary.

This is part of the internal implementation of RestrictionClass and should not be used directly. It returns a dict() that maps from integer permission to an ACL object that will set an access control list appropriate for that permission. The user and restriction group will match the old user and group permissions, but other groups will have no permissions, and the "world" permissions will be 0.

Definition at line 132 of file rstprod.py.

Referenced by produtil.rstprod.RestrictionClass.__init__().

def produtil.rstprod.RestrictionClass.restrict_fd(self, fd, st_mode=None, logger=None)

Adds the requested restrictions to an opened file.

This routine needs to stat the opened file to get the stat.st_mode.

Parameters
st_mode: To avoid a stat call, send st_mode into the optional argument.
fd: the target file descriptor
logger: a logging.Logger for log messages

Definition at line 247 of file rstprod.py.

def produtil.rstprod.RestrictionClass.restrict_file(self, filename, st_mode=None, logger=None)

Adds the requested restrictions to the specified file or directory.

This routine needs to stat the opened file to get the stat.st_mode.

Parameters
st_mode: To avoid a stat call, send st_mode into the optional argument.
filename: the target file
logger: a logging.Logger for log messages

Definition at line 228 of file rstprod.py.

def produtil.rstprod.RestrictionClass.use_acl(self)

True if ACLs are used for access permission, False if setgid and chgrp are used.

Definition at line 166 of file rstprod.py.
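
The two strategies described for chgrp_restrict and make_acl_dict, sketched as an added example; this is not the produtil source. The function names, the exact mode policy (setgid only on directories) and the mask entry in the ACL text are assumptions made for illustration.

```python
import os
import stat

def restricted_mode(st_mode):
    """Assumed policy: keep owner and group bits, clear every world bit,
    and set setgid on directories so new entries inherit the group."""
    mode = stat.S_IMODE(st_mode) & ~stat.S_IRWXO
    if stat.S_ISDIR(st_mode):
        mode |= stat.S_ISGID
    return mode

def _rwx(bits):
    return "".join(c if bits & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1)))

def acl_text_for(st_mode, group):
    """POSIX short-text ACL: the restriction group gets the old group bits,
    the owning group and world get nothing. The mask entry (an assumption;
    the page does not mention it) must cover the named-group entry."""
    user = _rwx((st_mode >> 6) & 7)
    grp = _rwx((st_mode >> 3) & 7)
    return "u::%s,g::---,g:%s:%s,m::%s,o::---" % (user, group, grp, grp)

def chgrp_restrict(target, gid, stat_fn, chown, chmod):
    """target is a path or a descriptor, matching the injected functions."""
    mode = restricted_mode(stat_fn(target).st_mode)
    chown(target, -1, gid)   # uid -1 leaves the owner unchanged
    chmod(target, mode)      # after chown, which can clear setuid/setgid bits
    return mode

def restrict_path(path, gid):
    return chgrp_restrict(path, gid, os.stat, os.chown, os.chmod)

def restrict_open_fd(fd, gid):
    # Acting on the descriptor changes the object that was opened, even if
    # the path has been renamed or replaced since the open.
    return chgrp_restrict(fd, gid, os.fstat, os.fchown, os.fchmod)

if __name__ == "__main__":
    # Constructed sample mode: regular file, rw-r-----
    print(acl_text_for(0o100640, "rstprod"))
```

The result can be checked on a scratch file with `stat.S_IMODE(os.stat(path).st_mode)`, which should show no world bits after either helper runs.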

